﻿using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.OpenApi.Writers;
using System.Security.Claims;

namespace Ids4Extensions
{
    public class IdentityServer4Config
    {
        public static string SecretKey = "NativeSecretKey";

        public static IEnumerable<ApiScope> ApiScopes => new List<ApiScope> { new ApiScope("api") { UserClaims = { JwtClaimTypes.Name, JwtClaimTypes.Email } } };

        /// <summary>
        /// 定义资源范围
        /// </summary>
        public static IEnumerable<ApiResource> GetApiResources() => new List<ApiResource> { new ApiResource("api", "我的第一个API") };

        /// <summary>
        /// 定义访问的资源客户端
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
               new Client
               {
                    ClientId = "mySwaggerClientId",
                    ClientName = "My Swagger UI",
                    AllowedGrantTypes = GrantTypes.Code,
                    RedirectUris = { "https://localhost:5002/swagger/oauth2-redirect.html" },
                    PostLogoutRedirectUris = { "https://localhost:5002/swagger/index.html" },
                    AllowedScopes =
                    {
                        "api1",
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "myApiScope"
                    },
                    AllowOfflineAccess = true,
                    RequirePkce = true,
                    RequireClientSecret = false
               }
            };
        }

        /// <summary>
        /// 这个方法是来规范tooken生成的规则和方法的。一般不进行设置，直接采用默认的即可。
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new IdentityResource[] { new IdentityResources.OpenId() };
        }

    }
}